It may happen that the scalars used by SECPxxxr1 turn out to be slightly
smaller than their actual size when serialized to `UnsignedBigInteger`,
especially for P521. Handle this case by serializing zeros instead of
failing.
Originally discovered as a flaky WPT test.
Our `UnsignedBigInteger` implementation cannot handle numbers whose
size is not a multiple of 4. For this reason we need to carry the real
size around for P-521 support.
Implement the Ed448 curve for signing and verifying using OpenSSL.
The methods could all be made static, but all other curves are not.
I think this is material for further refactoring.
This adds a thin wrapper to LibCrypto for generating cryptographically
secure random values and replaces current usages of PRNG within
LibCrypto as well.
This required multiple changes:
- Make hashes non-copiable because they contain a heap-allocated pointer
- Reference classes via `NonnullOwnPtr` only (they are non-copiable)
- Drop all existing hash implementations
- Use the `OpenSSLHashFunction` base class to implement the same hashes
I was not able to come up with a way to divide this commit into multiple
commits without increasing the amount of changes.
Nothing breaks with this commit!
In order for public/private key serialization to work correctly we must
store the size of the key because P-521 cannot be stored as full words
inside `UnsignedBigInteger` and therefore is exported as the wrong
length (68 instead of 66).
This also makes it possible to refactor some methods and clean up
constants scattered around.
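
The size mismatch described in the messages above (68 bytes exported for a 66-byte P-521 value, and scalars that serialize shorter than the field size), as an added example that is not part of the original commits or the project's code. `Words`, `export_words` and `export_fixed` are hypothetical names, and the big integer is assumed to be stored as little-endian 32-bit words.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical stand-in for a big integer kept as little-endian 32-bit words
// (an assumption for this example, not LibCrypto's UnsignedBigInteger).
using Words = std::vector<uint32_t>;

// Bytes needed for a field element of `bits` bits: 66 for P-521.
constexpr size_t field_size_bytes(size_t bits) { return (bits + 7) / 8; }

// Word-granular export: 4 big-endian bytes per word, so the length is always
// a multiple of 4 (17 words -> 68 bytes for a full-size P-521 value).
std::vector<uint8_t> export_words(Words const& words)
{
    std::vector<uint8_t> out;
    for (size_t i = words.size(); i-- > 0;)
        for (int shift = 24; shift >= 0; shift -= 8)
            out.push_back(static_cast<uint8_t>(words[i] >> shift));
    return out;
}

// Fixed-width export: exactly `size` big-endian bytes. Leading zero bytes from
// word rounding are dropped, short values are left-padded with zeros, and a
// value with more than `size` significant bytes is rejected (returns false).
bool export_fixed(Words const& words, size_t size, std::vector<uint8_t>& out)
{
    auto raw = export_words(words);
    size_t first = 0;
    while (first < raw.size() && raw[first] == 0)
        ++first;
    size_t significant = raw.size() - first;
    if (significant > size)
        return false;
    out.assign(size - significant, 0);
    out.insert(out.end(), raw.begin() + static_cast<std::ptrdiff_t>(first), raw.end());
    return true;
}

int main()
{
    Words scalar(17, 0xFFFFFFFFu); // constructed sample, not a real key
    scalar[16] = 0x000001FFu;      // top word holds the remaining 9 bits
    std::vector<uint8_t> fixed;
    bool ok = export_fixed(scalar, field_size_bytes(521), fixed);
    std::printf("%zu %zu %d\n", export_words(scalar).size(), fixed.size(), ok);
    return 0;
}
```
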
Gets almost all import/export tests, except the JWK ones that calculate
the public key on export. The `SECPxxxr1` implementation currently fails
to do calculations for P-521.
Define SECP521r1 with its constants. Since the parameters cannot be
represented as full bytes, a slight modification has been added to the
byte size.
The current implementation of SECPxxxr1 does not work with this curve.
Little refactoring to remove the last bits of ASN1 decoding/encoding
from within the `SECPxxxr1` class. It was a bit confusing for the
`SECPxxxr1` methods to handle ASN1 internally implicitly. Some explicit
methods are available to achieve the same functionality on the data
structures.
This allows moving ASN1 logic from inside the `SECPxxxr1` curve
itself to the data structures. It makes more sense to have dedicated and
explicit methods to handle transformation between formats.
It looks like the `SECPxxxr1` was made mainly to work with the TLS
implementation which requires everything to be bytes. This is not always
the case and a loss of generality.
I have added some methods that take and return `UnsignedBigInteger`s
for better interoperability with ASN.1 stuff. I would like to remove
the old methods relying on bytes, but I haven't made up my mind about how
to generalize it for all curves.